build(deps): hold easy-paging at < 0.5 in the SB3 demo block#54
Merged
Conversation
Dependabot opened #50 trying to bump easy-paging 0.4.0 → 0.5.0 across the four SB3 demos. Build went red on all four — 0.5.0 is the SB4 release line and the SB3 demos pin Spring Boot 3.5.x, so the starter's new Spring-Framework-7 / Jackson-3 baseline can't load. The existing `update-types: ["version-update:semver-major"]` ignore didn't catch this because the starter is pre-1.0: 0.4 → 0.5 reads as a minor bump to Dependabot even though it's effectively the SB3 → SB4 release-line jump for us. Replace the major-only ignore with an explicit `versions: [">= 0.5"]` filter on both easy-paging artifacts. 0.4.x patches will still flow to the SB3 demos; 0.5+ stays blocked. The SB4 demos under /easy-paging-sb4-*/ already have no such ignore and continue to track the 0.5.x line. Closes PR #50.
2 tasks
jlc488
added a commit
that referenced
this pull request
May 23, 2026
The easy-paging starter renumbered to align with the Spring Boot major it targets (https://github.com/devslab-kr/.github/blob/main/.github/VERSIONING.md): - SB3 maintenance line: 0.4.0 → 3.0.0 - SB4 active line: 0.5.0 → 4.0.0 This commit bumps the 8 easy-paging demos in lockstep: - easy-paging-{demo,keyset,postgres,reactive}-demo → 3.0.0 - easy-paging-sb4-{demo,keyset,postgres,reactive}-demo → 4.0.0 - top-level README.{md,ko.md} version coordinates Also simplifies .github/dependabot.yml: now that the library major matches the Spring Boot major, the standard `semver-major` ignore does the right thing automatically and the `versions: [">= 0.5"]` filter from PR #54 is no longer needed (would have only ever held until the next SB4-only major release of easy-paging anyway, and that's now explicitly held by `semver-major`). Verified all 4 artifacts live on Maven Central: - easy-paging-spring-boot-starter:4.0.0 - easy-paging-spring-boot-starter:3.0.0 - easy-paging-spring-boot-starter-reactive:4.0.0 - easy-paging-spring-boot-starter-reactive:3.0.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Stops Dependabot from bumping
kr.devslab:easy-paging-spring-boot-starterpast 0.4.x in the four SB3 demos (easy-paging-demo,easy-paging-keyset-demo,easy-paging-postgres-demo,easy-paging-reactive-demo).Problem
Dependabot opened #50 bumping easy-paging 0.4.0 → 0.5.0 in the SB3 demos. CI went red on all four — 0.5.0 is the SB4 release line (Spring Framework 7 / Jackson 3) and the SB3 demos pin Spring Boot 3.5.x.
The existing ignore rule
didn't catch it because the starter is pre-1.0:
0.4 → 0.5reads to Dependabot as a minor bump even though it's effectively the SB3 → SB4 release-line jump in this codebase.Fix
Replace the major-only ignore with an explicit
versions:filter on both easy-paging artifacts:/easy-paging-sb4-*/have no such ignore and continue to track the 0.5.x lineFollow-up
After this merges, close #50 (PR will be a no-op against the new policy anyway, since Dependabot won't reopen).
Test plan
.github/dependabot.ymltouched — no demo builds triggered)